Debian: libgd2 arbitrary code execution fix

    Date: 09 Nov 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    "infamous41md" discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 591-1
    http://www.debian.org/security/                             Martin Schulze
    November 9th, 2004                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : libgd2
    Vulnerability  : integer overflows
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0990
    BugTraq ID     : 11523
    
    "infamous41md" discovered several integer overflows in the PNG image
    decoding routines of the GD graphics library.  This could lead to the
    execution of arbitrary code on the victim's machine.
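
The bug class named above, shown as an added, general illustration (not GD's code and not taken from this advisory): a buffer size computed from header-supplied dimensions with an unchecked multiplication, beside a checked version. The function names, the 256 MiB cap and the 32-bit header fields are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded image; not a value from GD. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked: 32-bit unsigned arithmetic wraps modulo 2^32, so a large
 * header can yield a size far smaller than the decoder will later write. */
uint32_t pixel_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked: returns 1 and stores the size in *out, or 0 to reject.
 * Each bound is tested by division, so no intermediate product wraps. */
int pixel_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return 0;
    if (w > MAX_IMAGE_BYTES / bpp)
        return 0;
    if (h > MAX_IMAGE_BYTES / ((size_t)w * bpp))
        return 0;
    *out = (size_t)w * h * bpp;
    return 1;
}

/* Allocate only after validation; NULL means "refuse to decode". */
unsigned char *alloc_pixels(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    if (!pixel_bytes_checked(w, h, bpp, &n))
        return NULL;
    return malloc(n);
}
```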
    
    For the stable distribution (woody) these problems have been fixed in
    version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of
    libgd2.
    
    For the unstable distribution (sid) these problems will be fixed soon.
    
    We recommend that you upgrade your libgd2 packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    